Vulnerability Details CVE-2021-21517
SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.3%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.4
Products affected by CVE-2021-21517
- cpe:2.3:a:dell:emc_srs_policy_manager:6.6
- cpe:2.3:a:dell:emc_srs_policy_manager:6.8.3
- cpe:2.3:a:dell:emc_srs_policy_manager:6.9.0